It copies itself to the following location: • %PROGRAM FILES%\Media Access\MediaAccess.exe

It creates the following directory: • %PROGRAM FILES%\Media Access

The following file is created:

– Non malicious file: • %SYSDIR%\ide21201.vxd

It tries to download some files:

– The location is the following: • http://static.windupdates.com/Release/v20/********** It is saved on the local hard drive under: %PROGRAM FILES%\Media Access\MediaAccK.exe Furthermore this file gets executed after it was fully downloaded. At the time of writing this file was not online for further investigation.

– The location is the following: • http://static.windupdates.com/Release/v20/********** It is saved on the local hard drive under: %PROGRAM FILES%\Media Access\MediaAccC.dll At the time of writing this file was not online for further investigation.

– The location is the following: • http://static.windupdates.com/Release/v20/********** It is saved on the local hard drive under: %PROGRAM FILES%\Media Access\Info.txt At the time of writing this file was not online for further investigation.

Registry

The following registry key is added in order to run the process after reboot: